Login

Tag Archives: NextGEN Gallery

Plugin Security Scorecard Grade for NextGEN Gallery

Checked on August 1, 2024
B+

See issues causing the plugin to get less than A+ grade

10 May 2024

Not Really a WordPress Plugin Vulnerability, Week of May 10

In reviewing reports of vulnerabilities in WordPress plugins to provide our customers with the best data on vulnerabilities in plugins they use, we often find that there are reports for things that don’t appear to be vulnerabilities. For more problematic reports, we release posts detailing why the vulnerability reports are false, but there have been a lot of that we haven’t felt rose to that level. In particular, are items that are not outright false, just the issue is probably more accurately described as a bug. For those that don’t rise to the level of getting their own post, we now place them in a weekly post when we come across them.

Cross-Site Scripting (XSS) in NextGen Gallery

Our firewall plugin has been blocking attempts trying to exploit what at least one hacker believes to be a vulnerability in the plugin NextGen Gallery, where the attempt looks like this: [Read more]

31 Oct 2023

Authenticated Local File Inclusion (LFI) Vulnerability in NextGEN Gallery

WPScan recently claimed there had been an admin+ local file inclusion vulnerability in the WordPress plugin NextGEN Gallery. That wouldn’t be a vulnerability, as Administrators can already do the equivalent of that. The proof of concept suggested that if there really was vulnerability, it wasn’t only accessible to Administrators. One of the steps suggests that anyone with the ability to create posts or pages could exploit this:

[Read more]

12 Oct 2022

Two Weeks On, Automattic’s WPScan and Patchstack Haven’t Warned About Vulnerability Impacting 600,000+ WordPress Websites

How WordPress security companies market themselves and what they actually deliver are often far apart. Unfortunately, WordPress and security journalists are failing to provide critical coverage that would warn people about what is going on.

As an example of what is happening, take Automattic’s WPScan, which as can be seen by their Twitter banner image, claims that with them with you would “be the first to know about new WordPress vulnerabilities” [Read more]

29 Aug 2019

Vulnerability Details: Authenticated SQL Injection in NextGEN Gallery

We often find that other data sources will repeat claims made about security vulnerabilities without even be provided enough information to double check the information. Other outlets have run without any reservation a claim by Fortinet about a SQL injection vulnerability in NextGEN Gallery:

[Read more]

26 Feb 2019

Hackers Are Probably Already Exploiting This Authenticated Option Update Vulnerability Just Fixed in Freemius

On Sunday we had probing on our website for usage of the plugin WP Security Audit Log, which has 80,000+ installs according to wordpress.org, from what looked to be hackers. Considering that plugin is known to vulnerable we didn’t further check in to what was going on, which was a mistake, but one that other monitoring we do allowed us to rectify today.

As part of our daily monitoring of subversion log messages from the WordPress Plugin Directory for mentions of security fixes, we found that 10 plugins had mentions of security fixes yesterday, which is way out of line with what we normally see and hinted that there might be a common issue between the plugins. As we started trying to figure out what was going on, we noticed that many of them were updating a third-party library Freemius, which is described as  a”[m]onetization, analytics, and marketing automation platform”. In looking in to that we noticed that Freemius was citing WP Security Audit Log as using their library. With one of those plugins, looking at the changes made, we saw the possibility that a major vulnerability had been fixed. Further checking confirmed that an authenticated option update vulnerability was fixed, which would allow anyone with access to a WordPress account to take over a website and is a type of vulnerability hackers have tried to exploit widely in the past so there is likely to be plenty of attempts due to this. [Read more]

1 Aug 2017

What Happened With WordPress Plugin Vulnerabilities in July 2017

If you want the best information and therefore best protection against vulnerabilities in WordPress plugins we provide you that through our service.

Here is what we did to keep those are already using our service secure from WordPress plugin vulnerabilities during July (and what you have been missing out on if you haven’t signed up yet): [Read more]

28 Nov 2016

Authenticated Remote Code Execution (RCE) Vulnerability in NextGEN Gallery

In reviewing reports of vulnerabilities to add them to our data, two of the important things we do is determining what type of vulnerability there actually is, as sometimes vulnerabilities are mislabeled, and we also check to make sure that vulnerability has actually been fixed. Those two can together when looking at a recent report of a local file inclusion (LFI) vulnerability in NextGEN Gallery.

Worth noting before we get in to the details is that the changelog entry for the version that was supposed to fix this, 2.1.57, lacked any mention of a security update. [Read more]

6 Jan 2016

Ridiculous Vulnerability Report: NextGEN Gallery Cross site Scripting (XSS) Vulnerability

All too often we see that very serious security issues are not treated with the significance they should. What doesn’t help that situation is when security companies and other in the security community take relatively minor issues and try to make them in to something much larger than they actually are. Let’s take a look at an example that we came across the other day while reviewing new reports of vulnerabilities in WordPress plugins.

A company named Cyber Security Works put out a report claiming there is a “High” risk cross-site scripting vulnerability in the NextGEN Gallery plugin. The vulnerability report describes it as such: [Read more]